Improve FTP Security Using vsftpd with SSL/TLS
Plain (unencrypted) FTP is not secure: all data, including the FTP username and password, is sent as plain text, so an attacker who can observe the traffic can read it. The best thing to do in this case is to secure the FTP transfer by encrypting the data with SSL/TLS.
In this tutorial we will go through how an FTP server (the server on which the FTP server-side software is installed) can be secured with SSL/TLS, thereby making file transfers secure. This is intended to help secure shared hosting servers with SSL/TLS encryption.
vsftpd (Very Secure FTP Daemon) is a fast, reliable and secure FTP server application.
You can install vsftpd easily via yum as it is available in the default CentOS repository.
yum install vsftpd
Edit vsftpd configuration file to tighten security
Open the vsftpd configuration file (by default: /etc/vsftpd/vsftpd.conf) and add the following lines.
Disable anonymous login
Use Linux system users and authentication for login
Enable write privilege to modify content
Limit each FTP user's access to their own home directory.
Setup SSL for vsftpd
Create a new directory for storing the SSL files (certificate and key).
We can create the SSL certificate and the key in a single file with the openssl command.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
This will prompt a few questions. Just answer them and press 'Enter'.
Modify vsftpd config to add SSL/TLS Information
Open the vsftpd config file.
Add the following lines to specify the location of the certificate and key file.
To enable SSL on FTP login and data transfer, add the following lines.
To explicitly allow TLS and deny SSL, add the following lines.
Add these recommended SSL settings as well.
Restart vsftpd service for the changes to take effect.
This will enable secure file transfers between the local machine and the FTP server.
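To confirm that the edited file really carries the settings described in the steps above, the following script audits a vsftpd.conf and reports every mismatch. It is an added example, not part of the original tutorial. The option names are the standard vsftpd.conf(5) ones, assumed here to correspond to the settings the steps describe, and the sample configuration is constructed.

```shell
# Added example (not from the original page): audit vsftpd.conf settings.

# Print the last value assigned to KEY ($2) in FILE ($1). vsftpd only accepts
# "key=value" with no spaces around "=", so nothing looser is matched.
# Assumption: when a key is repeated, the last occurrence is the effective one.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Compare a YES/NO option with the wanted value; report and return 1 on mismatch.
check_bool() {
    got=$(conf_value "$1" "$2" | tr '[:lower:]' '[:upper:]')
    case $got in TRUE|1) got=YES ;; FALSE|0) got=NO ;; esac  # accepted synonyms
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: want $3, found ${got:-<unset>}"
    return 1
}

# Run every check; exit status 0 means the file matches the tutorial's settings.
audit_vsftpd() {
    conf=$1 failed=0
    while read -r key want; do
        check_bool "$conf" "$key" "$want" || failed=1
    done <<'EOF'
anonymous_enable NO
local_enable YES
write_enable YES
chroot_local_user YES
ssl_enable YES
force_local_logins_ssl YES
force_local_data_ssl YES
ssl_tlsv1 YES
ssl_sslv2 NO
ssl_sslv3 NO
EOF
    for key in rsa_cert_file rsa_private_key_file; do
        [ -n "$(conf_value "$conf" "$key")" ] || { echo "FAIL $key: not set"; failed=1; }
    done
    return "$failed"
}

# Constructed sample input: TLS is on, but anonymous login and SSLv3 are too.
sample_conf() {
    printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
        chroot_local_user=YES ssl_enable=yes force_local_logins_ssl=YES \
        ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=YES rsa_cert_file=/etc/ssl/private/vsftpd.pem
}
tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" || echo "vsftpd.conf does not match the tutorial's settings"; rm -f "$tmp"
```

On a real server, run `audit_vsftpd /etc/vsftpd/vsftpd.conf` after editing the file and before restarting the service.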